VYPR

npm package

iobroker.js-controller

pkg:npm/iobroker.js-controller

Vulnerabilities (1)

  • CVE-2019-10767HigNov 21, 2019
    affected < 2.0.25fixed 2.0.25

    An attacker can include file contents from outside the `/adapter/xxx/` directory, where `xxx` is the name of an existent adapter like "admin". It is exploited using the administrative web panel with a request for an adapter file. **Note:** The attacker has to be logged in if the